CERTFR-2014-AVI-541
Vulnerability from certfr_avis - Published: 2014-12-24 - Updated: 2014-12-24
De multiples vulnérabilités ont été corrigées dans Huawei. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Huawei Tecal XH310 V2 versions antérieures à V100R001C00SPC111 | ||
| N/A | N/A | Huawei Tecal XH621 V2 versions antérieures à V100R001C00SPC107 | ||
| N/A | N/A | Huawei Tecal RH5885 V3 versions antérieures à V100R003C01SPC103 | ||
| N/A | N/A | Huawei Tecal RH2268 V2 versions antérieures à V100R002C00SPC118 | ||
| N/A | N/A | Huawei Tecal DH310 V2 versions antérieures à V100R001C00SPC111 | ||
| N/A | N/A | Huawei Tecal DH621 V2 versions antérieures à V100R001C00SPC107 | ||
| N/A | N/A | Huawei Tecal XH311 V2 versions antérieures à V100R001C00SPC111 | ||
| N/A | N/A | Huawei Tecal E9000 Chassis versions antérieures à V100R001C00SPC180 | ||
| N/A | N/A | Huawei Tecal RH2485 V2 versions antérieures à V100R002C00SPC503 | ||
| N/A | N/A | Huawei USG9580 versions antérieures à V300R001C01SPC300 | ||
| N/A | N/A | Huawei Tecal RH2285H V2 versions antérieures à V100R002C00SPC112 | ||
| N/A | N/A | Huawei Tecal RH2285 V2 versions antérieures à V100R002C00SPC116 | ||
| N/A | N/A | Huawei Tecal RH2265 V2 versions antérieures à V100R002C00SPC116 | ||
| N/A | N/A | Huawei Tecal BH640 V2 versions antérieures à V100R002C00SPC109 | ||
| N/A | N/A | Huawei USG9520 versions antérieures à V300R001C01SPC300 | ||
| N/A | N/A | Huawei Tecal RH2265 V2 versions antérieures à V100R002C00SPC112 | ||
| N/A | N/A | Huawei Tecal RH2288H V2 versions antérieures à V100R002C00SPC116 | ||
| N/A | N/A | Huawei Tecal RH2288 V2 versions antérieures à V100R002C00SPC118 | ||
| N/A | N/A | Huawei Tecal RH5885H V3 versions antérieures à V100R003C00SPC103 | ||
| N/A | N/A | Huawei Tecal BH620 V2 versions antérieures à V100R002C00SPC107 | ||
| N/A | N/A | Huawei Tecal DH620 V2 versions antérieures à V100R001C00SPC107 | ||
| N/A | N/A | Huawei Tecal BH622 V2 versions antérieures à V100R002C00SPC111 | ||
| N/A | N/A | Huawei WS318 versions antérieures à V100R001C01B023 | ||
| N/A | N/A | Huawei Tecal DH320 V2 versions antérieures à V100R001C00SPC107 | ||
| N/A | N/A | Huawei Tecal XH320 V2 versions antérieures à V100R001C00SPC111 | ||
| N/A | N/A | Huawei USG9560 versions antérieures à V300R001C01SPC300 | ||
| N/A | N/A | Huawei Tecal RH1288 V2 versions antérieures à V100R002C00SPC116 | ||
| N/A | N/A | Huawei Tecal DH628 V2 versions antérieures à V100R001C00SPC107 | ||
| N/A | N/A | Huawei Tecal BH621 V2 versions antérieures à V100R002C00SPC107 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Huawei Tecal XH310 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC111",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal XH621 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH5885 V3 versions ant\u00e9rieures \u00e0 V100R003C01SPC103",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2268 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC118",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal DH310 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC111",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal DH621 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal XH311 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC111",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal E9000 Chassis versions ant\u00e9rieures \u00e0 V100R001C00SPC180",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2485 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC503",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei USG9580 versions ant\u00e9rieures \u00e0 V300R001C01SPC300",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2285H V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC112",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2285 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC116",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2265 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC116",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal BH640 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC109",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei USG9520 versions ant\u00e9rieures \u00e0 V300R001C01SPC300",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2265 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC112",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2288H V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC116",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH2288 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC118",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH5885H V3 versions ant\u00e9rieures \u00e0 V100R003C00SPC103",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal BH620 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal DH620 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal BH622 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC111",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei WS318 versions ant\u00e9rieures \u00e0 V100R001C01B023",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal DH320 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal XH320 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC111",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei USG9560 versions ant\u00e9rieures \u00e0 V300R001C01SPC300",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal RH1288 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC116",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal DH628 V2 versions ant\u00e9rieures \u00e0 V100R001C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Huawei Tecal BH621 V2 versions ant\u00e9rieures \u00e0 V100R002C00SPC107",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2014-12-24T00:00:00",
"last_revision_date": "2014-12-24T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-WPSPIN du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408091.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-Tecal du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408100.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-HMM du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408102.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-HMM du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408118.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-02-HMM du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408117.htm"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-USG du 24 d\u00e9cembre 2014",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-408141.htm"
}
],
"reference": "CERTFR-2014-AVI-541",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-12-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHuawei\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Huawei",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-Tecal du 24 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-WPSPIN du 24 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-HMM du 24 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-01-USG du 24 d\u00e9cembre 2014",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Huawei Huawei-SA-20141224-02-HMM du 24 d\u00e9cembre 2014",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…